{ $schema: "https://docs.renovatebot.com/renovate-schema.json", extends: [ ":preserveSemverRanges", ":semanticCommitsDisabled", ":separateMajorReleases", "config:recommended", "helpers:pinGitHubActionDigests", ], commitMessagePrefix: "deps:", commitMessageAction: "update", prConcurrentLimit: 1, addLabels: [ "dependencies" ], postUpdateOptions: [ "gomodTidy", "gomodUpdateImportPaths", ], nix: { enabled: true }, npm: { enabled: true }, lockFileMaintenance: { enabled: true, schedule: [ "before 4am" ], }, packageRules: [ { // Group lockfile maintenance updates by manager. // https://github.com/renovatebot/renovate/discussions/28068 matchUpdateTypes: [ "lockFileMaintenance" ], additionalBranchPrefix: "{{manager}}-", commitMessageAction: "update", commitMessageExtra: "{{manager}} lock file", }, { // Enable update of indirect Go dependencies. // This rule should not be confused with the grouping of // indirect Go dependencies further down. matchManagers: [ "gomod" ], matchDepTypes: [ "indirect" ], enabled: true, }, { // Group update of indirect Go dependencies. groupName: "Go indirect dependencies", matchManagers: [ "gomod" ], matchDepTypes: [ "indirect" ], dependencyDashboardApproval: true, prPriority: -30, // Lower priority, higher risk of causing breakage. }, { // Group update of direct Go dependencies. groupName: "Go dependencies", matchManagers: [ "gomod" ], matchDepTypes: [ "require" ], matchUpdateTypes: [ "bump", "digest", "lockFileMaintenance", "minor", "patch", "pin", "pinDigest", "rollback", ], }, { // Group update of GitHub actions dependencies. matchManagers: [ "github-actions" ], groupName: "GitHub action dependencies", matchUpdateTypes: [ "bump", "digest", "lockFileMaintenance", "minor", "patch", "pin", "pinDigest", "rollback", ], }, { // Group update of Terraform dependencies. groupName: "Terraform dependencies", matchManagers: [ "terraform" ], matchUpdateTypes: [ "bump", "digest", "lockFileMaintenance", "minor", "patch", "pin", "pinDigest", "rollback", ], }, { // Disable updating of locally-replaced dependencies. matchPackageNames: [ "github.com/edgelesssys/contrast/node-installer" ], enabled: false, }, ], }